Combating Fraud and Intrusion Threats with Event Processing
Tim Bass, CISSP, Principal Global Architect, Director, Emerging Technologies Group, TIBCO Software Inc.
TUCON Session Information

Our Agenda
Threats Are Everywhere! (Source: www.cert.org.) Chart of attack sophistication against intruder knowledge, 1980 to 2000+: as tools matured, the knowledge an intruder needs fell from high to low. Techniques plotted along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network management diagnostics, distributed attack tools, staged and auto-coordinated attacks/bots, cross site scripting.
Malicious Code Trends
Malicious Code – The Numbers
IE Critical Vulnerabilities
FireFox Critical Vulnerabilities
Global Distribution of On-Line Banking
Global Distribution of Phishers
Vulnerabilities Exponentially Increasing?
SEM Functionality

Overview of IDS & FDS Systems (chart of the dimensions along which fraud and intrusion detection systems differ):
- Detection approach: anomaly detection, signature detection
- Systems protected: HIDS, NIDS, hybrid
- Architecture: centralized, distributed, agent based
- Data sources: audit logs, net traffic, system stats
- Analysis timing: real time, data mining
- Detection actions: active, passive
The resulting systems form security event "stovepipes", whether centralized or distributed.
No Shortage of “Event Aggregators” !
What is Missing from this SEM Architecture?
SEM Illustrated
SEM: Key Take-Aways

How Does CEP Help with SEM?

What is an Event? An event is a transition between states: State 1, your on-line banking application is normal; State 2, a threat to your on-line system was detected.

What is an Event Driven Architecture?

EDA Characteristics:
- Sense: detect events across the extended environment in real time
- Analyze: aggregate events across multiple sources; compare reality with expectations
- Respond: update expectations; invoke distributed services in real time
Detecting Situations from Events

Event Processing Characteristics

Managing Uncertainty (diagram: trader dashboards, risk management dashboards and scheduler dashboards across Houston, Denver, Edmonton, London, Sydney and New York, reporting to a Houston risk manager and a corporate VP, Risk)

Key Take-Aways on Events

CEP Illustrated: Detecting Threats with Complex Event Processing

Complex Event Processing: "Events in several forms, from simple events to complex events, will become very widely used in business applications during 2004 through 2008" (Gartner, July 2003). Situation Detection.

Event Processing Reference Architecture (diagram):
- External event sources feed event pre-processing
- Level one: event tracking
- Level two: situation detection
- Level three: predictive analysis
- Level four: adaptive BPM
- Supporting services: DB management (historical data, profiles & patterns); distributed local event services (event profiles, databases, other data); visualization, BAM and user interaction

Situational Awareness via Event Processing (level of inference: low, medium, high)

Event Processing Characteristics
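As an added illustration (not slide content and not TIBCO BusinessEvents code), the sense/analyze/respond loop of the EDA slide and the level one / level two split of the reference architecture, written in Python over constructed on-line banking login hits. The sliding window, thresholds, IP addresses and account names are all constructed for the example; the state model per source follows the "What is an Event" slide (normal, then threat detected).

```python
# Added example: a toy stateful CEP pipeline turning simple "hit" events
# (level one) into a detected situation (level two). Constructed data.
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    """Level one: a normalized, non-contextual simple event (one login attempt)."""
    ts: float        # seconds since start of the capture
    src_ip: str
    account: str
    outcome: str     # "ok" or "fail"


@dataclass(frozen=True)
class Situation:
    """Level two: a complex event inferred from many hits."""
    ts: float
    kind: str
    src_ip: str
    failures: int
    accounts: int


class SituationDetector:
    """Sense -> Analyze -> Respond over a sliding window per source address.

    Per-source state model: NORMAL -> THREAT_DETECTED, and back to NORMAL once
    the evidence has aged out of the window. Thresholds are assumptions.
    """

    def __init__(self, window_s=60.0, fail_threshold=5, min_accounts=3):
        self.window_s = window_s
        self.fail_threshold = fail_threshold
        self.min_accounts = min_accounts
        self.fails = defaultdict(deque)            # src_ip -> deque[(ts, account)]
        self.state = defaultdict(lambda: "NORMAL")
        self.situations = []

    def sense(self, hit):
        """Ingest one hit, keep the window current, and hand it to analysis."""
        q = self.fails[hit.src_ip]
        while q and hit.ts - q[0][0] > self.window_s:   # expire old evidence
            q.popleft()
        if hit.outcome == "fail":
            q.append((hit.ts, hit.account))
        return self.analyze(hit)

    def analyze(self, hit):
        """Compare reality (failures in the window) with expectations (thresholds)."""
        q = self.fails[hit.src_ip]
        distinct = len({acct for _, acct in q})
        suspicious = len(q) >= self.fail_threshold and distinct >= self.min_accounts
        if suspicious and self.state[hit.src_ip] == "NORMAL":
            return self.respond(Situation(hit.ts, "password-guessing-across-accounts",
                                          hit.src_ip, len(q), distinct))
        if not q and self.state[hit.src_ip] == "THREAT_DETECTED":
            self.state[hit.src_ip] = "NORMAL"   # evidence aged out: update expectations
        return None

    def respond(self, situation):
        """Transition the source's state and emit the complex event exactly once."""
        self.state[situation.src_ip] = "THREAT_DETECTED"
        self.situations.append(situation)
        return situation


def run_demo():
    """Replay constructed hits through the detector and return it for inspection."""
    det = SituationDetector()
    hits = [Hit(1.0, "10.0.0.5", "alice", "ok")]
    # constructed burst: one source fails against six different accounts in 30 s
    for i, acct in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"]):
        hits.append(Hit(10.0 + 5 * i, "198.51.100.7", acct, "fail"))
    # same source keeps failing; state is already THREAT_DETECTED, so no second alert
    hits.append(Hit(45.0, "198.51.100.7", "heidi", "fail"))
    # one user mistyping their own password three times stays below the threshold
    for i in range(3):
        hits.append(Hit(50.0 + i, "10.0.0.9", "ivan", "fail"))
    for hit in sorted(hits, key=lambda h: h.ts):
        det.sense(hit)
    return det


if __name__ == "__main__":
    for s in run_demo().situations:
        print(s)
```

The detector raises a single situation at the fifth failure (30 s in) and suppresses the later failures from the same source, which is the dedup a SEM needs to avoid flooding the dashboard with one alert per raw event.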
TIBCO BusinessEvents™ Solutions Overview. The BusinessEvents™ solutions space spans:
- Data: events & databases, real-time & historical
- Models: statistical, financial, optimization
- Comms: pub/sub messaging, queues, topics, UIs
- Knowledge: facts & rules

TIBCO BusinessEvents™ Overview: modeling tools, statefulness, business rules and process integration (UML conceptual model, UML state model, business rules authored by business users, event analyzer)

TIBCO BusinessEvents™ Overview (architecture diagram):
- Feeds: FDS/IDS logfiles, edge devices, sensors, agents, application interface
- Collection and normalization: metrics of managed objects, normalized non-contextual events
- Event management, correlation, aggregation, inference and analysis (inference engine, dialogue manager): correlated, analyzed, contextual dialogue events
- Metadata repository and design environment: semantic model, events, rules, state model; rules, knowledge, patterns, models; synthetic warehouse
- Visualization, reporting, alert management: detection metrics, process view

BusinessEvents™ Components: enterprise metadata (concepts, properties, state models, XML schemas, business rules); BusinessEvents Workbench (design time); BusinessEvents Engine (runtime); business user interface; business user language; decision tables; runtime viewer; management server

Runtime: BusinessEvents™ Engine (inference engine, models, monitor and management, channels, embedded DB)

On-Line Fraud Detection Use Case (three server farms, ~600-700 application servers, feeding session info through TIBCO EMS™ into TIBCO BusinessEvents™):
- Approx. 12,000 hits per second during the peak period across the three sites; one instance of TIBCO BusinessEvents™ capable of handling the maximum hits
- Overall 100 million hits handled between 3 PM and 4 PM
- Peak approx. 250 million hits per day across the three sites

Wrap Up: TIBCO's CEP-Based SEM

Q & A
Thank You! Tim Bass, CISSP, Principal Global Architect, Director, TIBCO Software Inc.